ansible/pytest-ansible

[Feature] Add command line parameter to pass Ansible Vault Password file

jleveque opened this issue · 2 comments

When running ansible-playbook, there exists a command line parameter, --vault-password-file, which allows one to pass the path of a file containing the password for decrypting Ansible-Vault-encrypted files (documentation here).

Pytest-Ansible needs to provide a similar command line argument in order to obtain secrets from Ansible-Vault-encrypted secrets files for the sake of parity.

This is also an issue for us and I would have time to implement it if that helps the project, as it currently blocks us from using the library. I think the proposal to keep the same command line arguments as the playbook is a good one. There are also other relevant parameters (see the list). The good thing about the design is that it follows the ideas you already have. We will double the --vault-password parameter with an --ansible-vault-password-file. For the implementation we have to extend the initialization of the ansible.parsing.dataloader.DataLoader object and connect it to the Vault. Would a pull request for this be accepted?

P.S. All the parameters which are now accepted by ansible-playbook:

ansible-playbook [-h] [--version] [-v] [-k]
                     [--private-key PRIVATE_KEY_FILE] [-u REMOTE_USER]
                     [-c CONNECTION] [-T TIMEOUT]
                     [--ssh-common-args SSH_COMMON_ARGS]
                     [--sftp-extra-args SFTP_EXTRA_ARGS]
                     [--scp-extra-args SCP_EXTRA_ARGS]
                     [--ssh-extra-args SSH_EXTRA_ARGS] [--force-handlers]
                     [--flush-cache] [-b] [--become-method BECOME_METHOD]
                     [--become-user BECOME_USER] [-K] [-t TAGS]
                     [--skip-tags SKIP_TAGS] [-C] [--syntax-check] [-D]
                     [-i INVENTORY] [--list-hosts] [-l SUBSET]
                     [-e EXTRA_VARS] [--vault-id VAULT_IDS]
                     [--ask-vault-pass | --vault-password-file VAULT_PASSWORD_FILES]
                     [-f FORKS] [-M MODULE_PATH] [--list-tasks]
                     [--list-tags] [--step] [--start-at-task START_AT_TASK]
                     playbook [playbook ...]

Closing as not planned because the same can be achieved using environment variables instead of cli arguments.
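
The environment-variable route mentioned in the closing comment, as an added example that is not from this thread or from the pytest-ansible project. It assumes the variable meant is Ansible's `ANSIBLE_VAULT_PASSWORD_FILE` (the environment equivalent of `--vault-password-file`); the helper name `use_vault_password_file` and the paths are hypothetical.

```shell
# Added example: hypothetical helper, not part of pytest-ansible.
# Validates a vault password file, then exports ANSIBLE_VAULT_PASSWORD_FILE
# so the password never appears on a command line or in shell history.
use_vault_password_file() {
    vault_file=$1

    if [ -z "$vault_file" ] || [ ! -f "$vault_file" ]; then
        echo "vault password file not found: $vault_file" >&2
        return 1
    fi
    if [ ! -s "$vault_file" ]; then
        echo "vault password file is empty: $vault_file" >&2
        return 1
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    # -L follows symlinks so the target's mode is what gets checked.
    mode=$(ls -ldL -- "$vault_file" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "refusing $vault_file: accessible beyond its owner (chmod 600)" >&2
        return 1
    fi

    # Export an absolute path so it still resolves if the test run
    # changes its working directory.
    dir=$(cd "$(dirname -- "$vault_file")" && pwd) || return 1
    ANSIBLE_VAULT_PASSWORD_FILE="$dir/$(basename -- "$vault_file")"
    export ANSIBLE_VAULT_PASSWORD_FILE
}

# Typical use in a CI step (constructed placeholder path):
#   use_vault_password_file "$HOME/.vault_pass" && pytest tests/
```

The helper refuses a file with any group or other permission bits set, so a password file left world-readable on a shared runner fails the job instead of being used silently.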